Help!
Were you using a McGill-owned device and/or did you enter or otherwise provide your McGill credentials?
- If yes, visit our IT Knowledge Base article on What to do when your McGill account is compromised.
- If no, read on.
Were you using a personal device, or suspect your non-McGill accounts were compromised:
- Change your password, passphrase, or PIN using a different device.
- If you don’t use unique passwords for your accounts, make sure to change the password for any account that used the same password. For your own safety, use unique passwords or passphrases for all your accounts - a password manager can help you generate and store them!
- Scan the device using anti-malware software if possible.
- Perform any available updates and security patches on your device.
- Monitor your accounts regularly for suspicious activity.
Was your financial information accessed or potentially exposed to a cybercriminal?
- Contact your bank to notify them that your personal and financial information was viewed by an attacker, so they can take steps to protect your account.
- Contact Canada’s main credit reporting agencies to have a fraud alert added to your credit report.
- Trans Union Canada (1-866-525-0262, Québec 1-877-713-3393) or
- Equifax Canada (1-866-779-6440).
If you’ve sent money to a cybercriminal, you should report the incident as soon as possible to:
- The police (SPVM)
- The Canadian Anti-Fraud Centre
- You should also file a report with the bank or service you used to transfer the funds. They may be able to assist with funds recovery.
Scammers often re-target victims with the promise of recovering money, personal information, or with other scams. It’s a trap that plays on our hopes and fears. If you or someone you know experiences this, do not engage; instead, report the incident as soon as possible.